18311461. AUTOMATIC RUNTIME EXECUTION HARDENING THROUGH STATIC SYSTEM APPLICATION PROGRAMMING INTERFACE (API) DATA MAPPING simplified abstract (Microsoft Technology Licensing, LLC)
AUTOMATIC RUNTIME EXECUTION HARDENING THROUGH STATIC SYSTEM APPLICATION PROGRAMMING INTERFACE (API) DATA MAPPING
Organization Name
Microsoft Technology Licensing, LLC
Inventor(s)
Yair Netzer of Ganei Tlkvah (IL)
AUTOMATIC RUNTIME EXECUTION HARDENING THROUGH STATIC SYSTEM APPLICATION PROGRAMMING INTERFACE (API) DATA MAPPING - A simplified explanation of the abstract
This abstract first appeared for US patent application 18311461 titled 'AUTOMATIC RUNTIME EXECUTION HARDENING THROUGH STATIC SYSTEM APPLICATION PROGRAMMING INTERFACE (API) DATA MAPPING
Simplified Explanation: The patent application describes systems and methods for automatically enhancing the security of software programs during development by generating enforcement profiles based on analysis of the program's artifacts.
Key Features and Innovation:
- Automatic enforcement profile generation for software programs undergoing development.
- Static analysis of software artifacts, including machine code, to generate system API usage data.
- Creation of platform-specific enforcement profiles for secure mode hardening based on API usage and platform configuration data.
Potential Applications: This technology can be applied in various industries where software security is crucial, such as finance, healthcare, and government sectors.
Problems Solved: This technology addresses the need for enhanced security measures in software development to prevent vulnerabilities and potential cyber threats.
Benefits:
- Improved security for software programs during development.
- Automatic generation of enforcement profiles reduces manual effort and human error.
- Enhanced protection against cyber attacks and unauthorized access.
Commercial Applications: The technology can be utilized by software development companies, cybersecurity firms, and organizations with a focus on data protection to ensure the security of their software products.
Prior Art: Readers can explore prior research on automatic runtime execution hardening and software security measures in the field of software development.
Frequently Updated Research: Stay informed about the latest advancements in software security, enforcement profile generation, and runtime execution hardening to enhance the protection of software programs.
Questions about Software Security: 1. How does automatic enforcement profile generation improve software security during development? 2. What are the potential implications of implementing platform-specific enforcement profiles for secure mode hardening in software programs?
Original Abstract Submitted
Systems and methods are provided for implementing automatic runtime execution hardening for software programs undergoing software development. In various embodiments, a computing system performs automatic enforcement profile generation within a software development environment in which source code of a software program is compiled or translated to create an executable software program. Automatic enforcement profile generation includes accessing, from a data storage device, an artifact associated with the software program, statically analyzing the artifact (including machine code) associated with the software program without executing the software program, and generating system API usage data based on the analysis. A platform-specific enforcement profile for a secure mode hardening feature is created based on the system API usage data and platform configuration data. When applied to the software program, the platform-specific enforcement profile defines actions (including system calls) that the software program is allowed to perform, while blocking other actions (including other system calls).
